1. Field of the Invention
The invention relates to data storage in computer memory, and in particular to a system and a method of providing protection to multimedia data stored in computer memory.
2. Description of the Related Art
As the range of applications and services provided by embedded systems, mobile communication devices, and consumer products expands, there is a corresponding increase in concerns about the security of the data used in these applications and services. Because of the large volume of data being processed, most of these embedded systems, mobile communication devices, and consumer products (for example, pay-TV, PDAs, mobile phones, cell phones, set-top boxes, point-of-sale systems, etc.) make use of external memory. As a result, there is a potential security problem in that data and software are constantly exchanged between external memory (“RAM”) and the memory controller in clear form, i.e., unencrypted, on the controller-memory bus. This data and software may contain confidential or proprietary data, such as commercial software or private contents, that either the end-user or the content provider wishes to protect from unauthorized dissemination.
These applications and services, in particular, broadband multimedia services, may be supported by configurable System-On-a-Chip (“SoC”) platforms, whose final implementation may be in an Application-Specific Integrated Circuit (“ASIC”) or a Field Programmable Gate Array (“FPGA”) in order to achieve high data throughput in a small package at low cost. As an example, one type of broadband multimedia application is the set-top box (“STB”), a device that needs to process concurrent streams of audio and video data associated with broadband multimedia services, as well as network packets processed in support of high-speed Internet access.
In many cases, the confidentiality of this software and data is highly desirable, if not absolutely necessary: end-user private data must be kept confidential, and unauthorized software use must be avoided, etc. Unfortunately, the amount of memory needed for these platforms requires the use of external memories for storing software and data, usually in unencrypted form. As a result, the controller-memory bus becomes the weak link in the system, potentially vulnerable to hackers who are able to observe both memory content and system execution through simple board-level probing at a relatively small cost.
There are various approaches that may be utilized to protect the data in the main memory. A known approach to protect the data is cryptography, which may be either symmetric cryptography (i.e., private-key cryptography) or asymmetric cryptography (i.e., public-key cryptography). Examples of symmetric cryptography are DES (Data Encryption Standard), triple-DES, and AES (Advanced Encryption Standard). Asymmetric cryptography uses both a public key and a private key, and generally requires more processing power and memory than a comparable symmetric cryptography system.
One implementation of this approach adds a high-speed and low-latency encryption/decryption engine in the memory controller. However, this is not always easily implemented, especially when low-latency is a requirement, because the standard algorithms, e.g., DES and AES, present their own set of problems—namely the latency induced in the pipeline because of the multiple passes required, which may cause throughput to decrease significantly. For this reason, a scrambling scheme that induces minimum pipeline latency is highly desirable. Another solution may be to develop low-latency scramblers in the memory controller. However, such scramblers may not have sufficient encryption capability and may be easily broken by hackers.
Therefore, there is a need for a system and a method of transmitting software and data between the memory controller and external memory in a secure manner, without a reduction in throughput, that is capable of implementation on small, efficient, low cost platforms such as fully-integrated ASICs and FPGAs.